How to create a VPN server with Microsoft Azure
Learn how to create a personal VPN server using Microsoft Azure and Meshnet.
Microsoft Azure is a cloud computing platform that provides a range of options for people looking to host their services on the cloud. Azure's extensive features and benefits make it a great choice to host a VPN server.
With Microsoft Azure, you can easily create and manage various virtual machines (VMs). Its global network of data centers ensures fast and reliable access to your services from anywhere in the world. Additionally, Azure has a flexible pricing model, offering a free subscription and allowing you to pay only for the resources you use once the free trial expires.
By using Meshnet in tandem with Azure, you can turn a simple VM into a secure VPN server without any advanced configuration.
This guide showcases how you can make a VPN server from a VM hosted by Microsoft Azure using Meshnet’s traffic routing feature.
Note
Be aware that by setting up your own VPN server, you increase your online privacy but not to the same extent as when connecting to a regular VPN server provided by NordVPN, which follows a strict no-logs policy.
To follow this guide, you need an active Microsoft Azure account. You can sign up for free on the Azure website.
First, you need to create a VM on Azure. While this guide focuses on setting up an Ubuntu VM, Azure allows you to create Windows VMs as well.
- 1.
- 2.From your Azure portal, click Virtual machines.
- 3.Click Create and select Azure virtual machine.
- 4.In the Instance details section, name your VM, select its region, and choose the operating system (for example, Ubuntu 22.04 LTS).
- 5.Under Administrator account, select SSH public key authentication or create a password and choose the name of the administrator user of the VM.
- 6.Click Review + create.
- 7.Click Create.
Note
If you chose the SSH key authentication type, you will receive a Generate new key pair message after clicking the Create button. Select the Download private key and create resource option to download the private key file.
Another method of managing Azure resources is the Azure Command-line interface (CLI). The Azure CLI allows you to create, deploy, and manage your Azure resources without using the internet browser. This method is highly beneficial for automation or server environments.
To interact with Azure using CLI, you need to install the Azure CLI application on your device. Installation instructions for all compatible operating systems can be found on the Azure CLI documentation page.
Upon installing Azure CLI, log in to your Azure account by taking these steps:
- 1.Open PowerShell (on Windows) or Terminal (on macOS and Linux).
- 2.Run the following command to start the login process:az login
- 3.Open the generated URL in an internet browser.
- 4.Log in to your Azure account.
- 5.Authenticate using the code provided in your CLI window.
Azure uses resource groups to manage your VMs and their related resources. To create a resource group for your VPN server:
Windows
macOS and Linux
- 1.Open PowerShell.
- 2.Define the environmental variables for your VM by running the following commands:$env:RESOURCE_GROUP_NAME="<groupName>"$env:LOCATION="<region>"$env:VM_NAME="<vmName>"$env:VM_IMAGE="<imageName>"$env:ADMIN_USERNAME="<username>"Where:
<groupName>is a custom name for your resource group.<location>is the region where your VM will be located.- You can check region names with the
az account list-locations -o tablecommand.
<vmName>is a custom name for your VM.<imageName>is the name of the operating system image for your VM.<username>is the name of the user account for your VM. Example
- 3.Create the resource group with this command:az group create --name $env:RESOURCE_GROUP_NAME --location $env:LOCATION
Note
The environmental variables will be reset if you close the PowerShell window.
- 1.Open Terminal.
- 2.Define the environmental variables for your VM by running the following commands:export RESOURCE_GROUP_NAME=<groupName>export LOCATION=<region>export VM_NAME=<vmName>export VM_IMAGE=<imageName>export ADMIN_USERNAME=<user>Where:
<groupName>is a custom name for your resource group.<location>is the region where your VM will be located.- You can check region names with the
az account list-locations -o tablecommand.
<vmName>is a custom name for your VM.<imageName>is the name of the operating system image for your VM.<username>is the name of the user account for your VM. Example
- 3.Create the resource group with this command:az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
Note
The environmental variables will be reset if you close the Terminal window.
With the environment variables defined and the resource group created, you can deploy your VM in Azure.
Windows
macOS and Linux
In PowerShell, execute the following command to create the virtual machine in Azure:
az vm create `
--resource-group $env:RESOURCE_GROUP_NAME `
--name $env:VM_NAME `
--image $env:VM_IMAGE `
--admin-username $env:ADMIN_USERNAME `
--generate-ssh-keys `
--public-ip-sku Standard
This command automatically generates an SSH key pair for your VM and places it in the default SSH directory (
~/.ssh). Once the VM is created, you will see an output of the VMs information.
In Terminal, execute the following command to create the virtual machine in Azure:
az vm create \
--resource-group $RESOURCE_GROUP_NAME \
--name $VM_NAME \
--image $VM_IMAGE \
--admin-username $ADMIN_USERNAME \
--generate-ssh-keys \
--public-ip-sku Standard
This command automatically generates an SSH key pair for your VM and places it in the default SSH directory (
~/.ssh). Once the VM is created, you will see an output of the VMs information.
Once your VM is deployed, you can access it over SSH. The way to access the VM depends on which authentication method you chose while creating it.
SSH public key authentication
SSH password authentication
To use the SSH key for authentication, you need to set the private key’s permissions to read-only.
- 1.Open PowerShell.
- 2.Run the following three commands to apply the permission change, substituting
</path/to/private/key>with the path to the downloaded private key:icacls.exe </path/to/private/key> /reseticacls.exe </path/to/private/key> /grant:r "$($env:username):(r)"icacls.exe </path/to/private/key> /inheritance:rExample
- 1.Open Terminal.
- 2.Run the following command to apply the permission change, substituting
</path/to/private/key>with the path to the downloaded private key:chmod 400 </path/to/private/key>Examplechmod 400 /Users/ventura/.ssh/UbuntuVPNServer_key.pem
- 1.Locate the public IP address of your VM.
- You can find the public IP in the Overview section of the VM in your Azure Portal.
- If you created the VM using Azure CLI, you can run one of the following commands: For Windows in PowerShell:az vm show -d -g $env:RESOURCE_GROUP_NAME -n $env:VM_NAME --query publicIps -o tsvFor macOS and Linux in Terminal:az vm show -d -g $RESOURCE_GROUP_NAME -n $VM_NAME --query publicIps -o tsv
- 2.Run the
ssh -i </path/to/private/key> <username>@<server>command in PowerShell or Terminal, where:</path/to/private/key>is the location of the downloaded SSH private key.<username>is the name of the administrator user of the VM.<server>is the VM’s public IP address.Examplessh -i C:\Users\secretmeerkat\.ssh\UbuntuVPNServer_key.pem [email protected]
- 3.Type in
yesand press Enter to confirm the connection.
You should now be connected to your Azure VM.
- 1.Locate the public IP address of your VM. It can be found in the Overview section of the VM in your Azure Portal.
- 2.Open Terminal (on Linux and macOS) or Command Prompt (on Windows).
- 3.Run the
ssh <username>@<server>command, where:<username>is the name of the administrator user of the VM.
- 4.Enter your authentication password.
- 5.Type in
yesand press Enter to confirm the connection.
You should now be connected to your Azure VM.
Follow these steps to install NordVPN on your virtual server:
- 1.Download and install the NordVPN Linux client by running the command below.sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)
- 2.Log in to your NordVPN account.
You can log in to your NordVPN account without the use of a graphical user interface (GUI) in two ways:
- By running the
nordvpn logincommand with the--tokenflag - By running the
nordvpn logincommand with the--callbackflag
Log in using a token
Log in using a URL
- 1.On any device, log in to your Nord Account dashboard and, under NordVPN Meshnet free, select View details.
- 2.Scroll down until you see Manual setup, and select Set up NordVPN manually.
- 3.Enter the verification code sent to your email address.
- 4.Under Access token, select Generate new token.
- 5.In the dialog that appears, choose either a token that expires in 30 days or one that never expires, and then select Generate token.
- 6.Select Copy and close.
- 7.On your VM, run the
nordvpn login --token <your_token>command, replacing<your_token>with the copied token. Examplenordvpn login --token 3fe460cefb8dcf1478c92e45908cec9f9bdbadf7a456a6dfb35dc2c58ee39d5b
You should now see a welcome message.
Tip
To preserve your token when logging out of the NordVPN app, use the
nordvpn logout --persist-token command. Otherwise, your token will be revoked. - 1.Run the following command:nordvpn login
- 2.Open the provided link on any device in your browser.
- 3.Complete the login procedure.
- 4.Right-click the Continue button and select Copy link address.
- 5.Run the
nordvpn login --callback "<URL>"command, replacing<URL>with the previously copied link address. Examplenordvpn login --callback "nordvpn://login?action=login&exchange_token=MGFlY2E1NmE4YjM2NDM4NjUzN2VjOWIzYWM3ZTU3ZDliNDdiNzRjZTMwMjE5YjkzZTNhNTI3ZWZlOTIwMGJlOQ%3D%3D&status=done"
You should now see a welcome message.
nordvpn set meshnet on
To check your server’s Nord name and the Meshnet IP address, enter the following command:
nordvpn meshnet peer list
Example
With Meshnet enabled, your peer devices should now be able to connect to the server. To connect, start routing traffic from a client device through the VM, which you can find in the list of your Meshnet peer devices.
Your IP address should now be the same as the virtual machine’s. This way, your real public IP address is protected, and the websites you visit will see the location of your VPN server instead of your actual device.
